| Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 |
| Ran by SYSTEM on MININT-GGP92B3 on 10-08-2014 14:50:00 |
| Running from i:\ |
| Platform: Windows 7 Home Premium (X64) OS Language: Englisch (USA) |
| Internet Explorer Version 11 |
| Boot Mode: Recovery |
| The current controlset is ControlSet001 |
| ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. |
| The only official download link for FRST: |
| Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ |
| Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ |
| Download link from any site other than Bleeping Computer is unpermitted or outdated. |
| See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ |
| ==================== Registry (Whitelisted) ================== |
| (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) |
| HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-01] (IDT, Inc.) |
| HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2014-06-07] (Synaptics Incorporated) |
| HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company) |
| HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation) |
| HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-30] (Advanced Micro Devices, Inc.) |
| HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2014-06-07] (Renesas Electronics Corporation) |
| HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.) |
| HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-24] (cyberlink) |
| HKLM-x32\...\Run: [] => [X] |
| HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation) |
| HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.) |
| HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated) |
| HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated) |
| HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-12-13] (EasyBits Software AS) |
| HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Development Company, L.P.) |
| HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) |
| HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2014-03-26] (RealNetworks, Inc.) |
| Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) |
| HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 |
| HKU\Mike\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company) |
| HKU\Mike\...\Run: [Spotify] => C:\Users\Mike\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-24] (Spotify Ltd) |
| HKU\Mike\...\Run: [Spotify Web Helper] => C:\Users\Mike\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-24] (Spotify Ltd) |
| Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk |
| ShortcutTarget: explorer.lnk -> C:\ProgramData\D250639581322285A2C4C66618854AE5\zy4j04.cpp () |
| ==================== Services (Whitelisted) ================= |
| (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) |
| S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) |
| S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-24] (CyberLink) |
| S2 Winmgmt; C:\ProgramData\D250639581322285A2C4C66618854AE5\40j4yz.dot [332020 2014-06-14] (Microsoft Corporation) |
| ==================== Drivers (Whitelisted) ==================== |
| (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) |
| S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-17] (Kaspersky Lab ZAO) |
| S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO) |
| S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2013-10-17] (Kaspersky Lab ZAO) |
| S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) |
| S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) |
| S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) |
| S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) |
| S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) |
| S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO) |
| ==================== NetSvcs (Whitelisted) =================== |
| (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) |
| ==================== One Month Created Files and Folders ======== |
| (If an entry is included in the fixlist, the file\folder will be moved.) |
| 2014-08-10 14:49 - 2014-08-10 14:50 - 00000000 ____D () C:\FRST |
| 2014-08-10 04:07 - 2014-08-10 04:09 - 00000345 _____ () C:\ProgramData\RUNDLL32.EXE-2772-F.txt |
| 2014-08-10 03:53 - 2014-08-10 03:54 - 00000114 _____ () C:\ProgramData\RUNDLL32.EXE-2752-F.txt |
| 2014-07-15 11:29 - 2014-07-15 11:30 - 00000534 _____ () C:\ProgramData\RUNDLL32.EXE-3332-F.txt |
| 2014-07-15 11:23 - 2014-07-15 11:23 - 00002334 _____ () C:\Users\Mike\Desktop\Sicherer Zahlungsverkehr.lnk |
| 2014-07-15 11:23 - 2014-07-15 11:23 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk |
| 2014-07-15 11:23 - 2013-05-05 23:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\System32\klfphc.dll |
| 2014-07-15 11:21 - 2014-08-10 04:21 - 00000000 ____D () C:\ProgramData\Kaspersky Lab |
| 2014-07-15 11:21 - 2014-07-15 11:21 - 00000000 ____D () C:\Windows\ELAMBKUP |
| 2014-07-15 11:21 - 2014-07-15 11:21 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab |
| 2014-07-15 11:17 - 2013-10-17 05:47 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys |
| 2014-07-15 11:17 - 2013-06-08 10:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys |
| 2014-07-12 01:11 - 2014-07-12 01:11 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3328-F.txt |
| 2014-07-12 01:06 - 2014-07-12 01:09 - 00000458 _____ () C:\ProgramData\RUNDLL32.EXE-2800-F.txt |
| 2014-07-12 01:04 - 2014-07-12 01:05 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-2812-F.txt |
| 2014-07-12 01:02 - 2014-07-12 01:02 - 00000169 _____ () C:\ProgramData\RUNDLL32.EXE-3044-F.txt |
| 2014-07-12 00:57 - 2014-08-10 03:57 - 00000510 _____ () C:\ProgramData\RUNDLL32.EXE-2844-F.txt |
| 2014-07-12 00:19 - 2014-07-12 00:20 - 00000114 _____ () C:\ProgramData\RUNDLL32.EXE-2832-F.txt |
| 2014-07-12 00:04 - 2014-07-12 00:18 - 00001913 _____ () C:\ProgramData\RUNDLL32.EXE-2492-F.txt |
| ==================== One Month Modified Files and Folders ======= |
| (If an entry is included in the fixlist, the file\folder will be moved.) |
| 2014-08-10 14:50 - 2014-08-10 14:49 - 00000000 ____D () C:\FRST |
| 2014-08-10 04:24 - 2009-07-13 20:45 - 00023024 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 |
| 2014-08-10 04:24 - 2009-07-13 20:45 - 00023024 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 |
| 2014-08-10 04:23 - 2014-06-16 23:03 - 00000505 _____ () C:\ProgramData\RUNDLL32.EXE-2756-F.txt |
| 2014-08-10 04:21 - 2014-07-15 11:21 - 00000000 ____D () C:\ProgramData\Kaspersky Lab |
| 2014-08-10 04:21 - 2014-05-24 08:28 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Spotify |
| 2014-08-10 04:20 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT |
| 2014-08-10 04:19 - 2009-07-13 20:51 - 00062931 _____ () C:\Windows\setupact.log |
| 2014-08-10 04:09 - 2014-08-10 04:07 - 00000345 _____ () C:\ProgramData\RUNDLL32.EXE-2772-F.txt |
| 2014-08-10 03:57 - 2014-07-12 00:57 - 00000510 _____ () C:\ProgramData\RUNDLL32.EXE-2844-F.txt |
| 2014-08-10 03:54 - 2014-08-10 03:53 - 00000114 _____ () C:\ProgramData\RUNDLL32.EXE-2752-F.txt |
| 2014-08-10 03:52 - 2011-05-07 08:03 - 00247958 _____ () C:\Windows\PFRO.log |
| 2014-07-15 11:30 - 2014-07-15 11:29 - 00000534 _____ () C:\ProgramData\RUNDLL32.EXE-3332-F.txt |
| 2014-07-15 11:30 - 2014-05-24 08:28 - 00000000 ____D () C:\Users\Mike\AppData\Local\Spotify |
| 2014-07-15 11:29 - 2011-05-07 07:38 - 01061204 _____ () C:\Windows\WindowsUpdate.log |
| 2014-07-15 11:23 - 2014-07-15 11:23 - 00002334 _____ () C:\Users\Mike\Desktop\Sicherer Zahlungsverkehr.lnk |
| 2014-07-15 11:23 - 2014-07-15 11:23 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk |
| 2014-07-15 11:21 - 2014-07-15 11:21 - 00000000 ____D () C:\Windows\ELAMBKUP |
| 2014-07-15 11:21 - 2014-07-15 11:21 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab |
| 2014-07-15 11:12 - 2011-05-07 08:09 - 00000000 ____D () C:\ProgramData\Norton |
| 2014-07-12 01:11 - 2014-07-12 01:11 - 00000059 _____ () C:\ProgramData\RUNDLL32.EXE-3328-F.txt |
| 2014-07-12 01:09 - 2014-07-12 01:06 - 00000458 _____ () C:\ProgramData\RUNDLL32.EXE-2800-F.txt |
| 2014-07-12 01:05 - 2014-07-12 01:04 - 00000115 _____ () C:\ProgramData\RUNDLL32.EXE-2812-F.txt |
| 2014-07-12 01:02 - 2014-07-12 01:02 - 00000169 _____ () C:\ProgramData\RUNDLL32.EXE-3044-F.txt |
| 2014-07-12 00:20 - 2014-07-12 00:19 - 00000114 _____ () C:\ProgramData\RUNDLL32.EXE-2832-F.txt |
| 2014-07-12 00:18 - 2014-07-12 00:04 - 00001913 _____ () C:\ProgramData\RUNDLL32.EXE-2492-F.txt |
| Some content of TEMP: |
| ==================== |
| C:\Users\Mike\AppData\Local\Temp\autorun.dll |
| C:\Users\Mike\AppData\Local\Temp\Execute2App.exe |
| C:\Users\Mike\AppData\Local\Temp\Extract.exe |
| C:\Users\Mike\AppData\Local\Temp\lowproc.exe |
| C:\Users\Mike\AppData\Local\Temp\msvcp90.dll |
| C:\Users\Mike\AppData\Local\Temp\msvcr90.dll |
| C:\Users\Mike\AppData\Local\Temp\SP52503.exe |
| C:\Users\Mike\AppData\Local\Temp\SP52509.exe |
| C:\Users\Mike\AppData\Local\Temp\SP52898.exe |
| C:\Users\Mike\AppData\Local\Temp\SP53998.exe |
| C:\Users\Mike\AppData\Local\Temp\SP54714.exe |
| C:\Users\Mike\AppData\Local\Temp\SP55068.exe |
| C:\Users\Mike\AppData\Local\Temp\SP55094.exe |
| C:\Users\Mike\AppData\Local\Temp\SP55101.exe |
| C:\Users\Mike\AppData\Local\Temp\SP55102.exe |
| C:\Users\Mike\AppData\Local\Temp\SP55107.exe |
| C:\Users\Mike\AppData\Local\Temp\SP55109.exe |
| C:\Users\Mike\AppData\Local\Temp\SP55150.exe |
| C:\Users\Mike\AppData\Local\Temp\SP55152.exe |
| C:\Users\Mike\AppData\Local\Temp\sp58915.exe |
| C:\Users\Mike\AppData\Local\Temp\stubhelper.dll |
| C:\Users\Mike\AppData\Local\Temp\UninstallHPSA.exe |
| C:\Users\Mike\AppData\Local\Temp\UninstallHPTCA.exe |
| ==================== Known DLLs (Whitelisted) ================ |
| ==================== Bamital & volsnap Check ================= |
| (There is no automatic fix for files that do not pass verification.) |
| C:\Windows\System32\winlogon.exe => MD5 is legit |
| C:\Windows\System32\wininit.exe => MD5 is legit |
| C:\Windows\SysWOW64\wininit.exe => MD5 is legit |
| C:\Windows\explorer.exe => MD5 is legit |
| C:\Windows\SysWOW64\explorer.exe => MD5 is legit |
| C:\Windows\System32\svchost.exe => MD5 is legit |
| C:\Windows\SysWOW64\svchost.exe => MD5 is legit |
| C:\Windows\System32\services.exe => MD5 is legit |
| C:\Windows\System32\User32.dll => MD5 is legit |
| C:\Windows\SysWOW64\User32.dll => MD5 is legit |
| C:\Windows\System32\userinit.exe => MD5 is legit |
| C:\Windows\SysWOW64\userinit.exe => MD5 is legit |
| C:\Windows\System32\rpcss.dll => MD5 is legit |
| C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit |
| ==================== Restore Points ========================= |
| Restore point made on: 2014-06-07 04:30:52 |
| Restore point made on: 2014-06-07 04:31:46 |
| Restore point made on: 2014-06-07 04:40:26 |
| Restore point made on: 2014-06-07 04:45:15 |
| Restore point made on: 2014-06-11 07:57:16 |
| Restore point made on: 2014-06-11 23:22:37 |
| Restore point made on: 2014-06-20 15:24:38 |
| Restore point made on: 2014-07-04 07:06:21 |
| ==================== Memory info =========================== |
| Percentage of memory in use: 11% |
| Total physical RAM: 8139.86 MB |
| Available physical RAM: 7208.55 MB |
| Total Pagefile: 8138.01 MB |
| Available Pagefile: 7201.69 MB |
| Total Virtual: 8192 MB |
| Available Virtual: 8191.88 MB |
| ==================== Drives ================================ |
| Drive c: () (Fixed) (Total:914.56 GB) (Free:832.88 GB) NTFS ==>[System with boot components (obtained from reading drive)] |
| Drive d: () (Fixed) (Total:931.51 GB) (Free:923.61 GB) NTFS |
| Drive f: (RECOVERY) (Fixed) (Total:16.65 GB) (Free:2.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] |
| Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 |
| Drive h: (KIS 2014) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS |
| Drive i: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32 |
| Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS |
| Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)] |
| ==================== MBR & Partition Table ================== |
| ======================================================== |
| Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 067D8327) |
| Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) |
| Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS) |
| Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS) |
| Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) |
| ======================================================== |
| Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2CD2F13C) |
| Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) |
| ======================================================== |
| Disk: 2 (Size: 2 GB) (Disk ID: 00000000) |
| Partition: GPT Partition Type. |
| LastRegBack: 2014-07-08 00:18 |
| ==================== End Of Log ============================ |
10.08.2014, 16:31
Baum-Darstellung